Cisco IP Phone 7861 Denial of Service Vulnerability

A vulnerability in the Cisco IP Phone 7861 could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper boundary restrictions when user-supplied input to the affected application is processed. An...

Multiple Vulnerabilities in Cisco ASA Software

Cisco Adaptive Security Appliance ASA Software is affected by the following vulnerabilities: Cisco ASA Failover Command Injection Vulnerability Cisco ASA DNS Memory Exhaustion Vulnerability Cisco ASA VPN XML Parser Denial of Service Vulnerability Successful exploitation of the Cisco ASA Failover...

Multiple Vulnerabilities in Cisco Unity Connection

Cisco Unity Connection contains multiple vulnerabilities, when it is configured with Session Initiation Protocol SIP trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP...

Cisco ASA Software SSL VPN Memory Blocks Exhaustion Vulnerability

A vulnerability in the SSL VPN feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory, which could lead to system instability and availability issues on the SSL VPN services. The vulnerability is due to improper implementation of...

Cisco Unity Connection Information Disclosure Vulnerability

A vulnerability in the Unified Messaging Service UMS of Cisco Unity Connection, could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to the inclusion of sensitive information in the logs. An attacker could exploit this vulnerability by viewing th...

Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability

A vulnerability in the Clientless SSL VPN portal customization framework could allow an unauthenticated, remote attacker to modify the content of the Clientless SSL VPN portal, which could lead to several attacks including the stealing of credentials, cross-site scripting XSS, and other types of...

Cisco Adaptive Security Appliance Phone Proxy sec_db Race Condition Vulnerability

A vulnerability in the TFTP request function of the Phone Proxy feature of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to pass traffic from an untrusted phone through the ASA. The vulnerability is due to a limitation in processing the TFTP request for...

Cisco Secure ACS Portal Session Management Vulnerability

A vulnerability in the portal interface of Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to access the portal with the access capabilities of another user. The vulnerability is due to insufficient session management in the portal. An attacker could exploit...

Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability

Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the drop of the data channel D-channel, causing all calls to be terminated and preventing users from making new calls. Cisco has released software updates that address this...

Undocumented Test Interface in Cisco Small Business Devices

A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain root-level access to an affected device. Note: Additional research...

Cisco IOS XE Software TFTP Denial of Service Vulnerability

A vulnerability in the flow manager code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause flow manager to hold UDP sessions in its table. The vulnerability is due to not releasing memory for flows generated by TFTP UDP traffic. An attacker could exploit this...

Multiple Vulnerabilities in Cisco Web Security Appliance

Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by the following vulnerabilities: Two authenticated command injection vulnerabilities Management GUI Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one ...

Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Multiple Vulnerabilities in Cisco Wireless LAN Controllers

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Cisco IOS Software IP Version 6 over Multiprotocol Label Switching Vulnerabilities

Cisco IOS Software is affected by two vulnerabilities that cause a Cisco IOS device to reload when processing IP version 6 IPv6 packets over a Multiprotocol Label Switching MPLS domain. These vulnerabilities are: Crafted IPv6 Packet May Cause MPLS-Configured Device to Reload ICMPv6 Packet May Cau...

Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

Crafted TCP Packet Can Cause Denial of Service

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070124-crafted-tcp...

Cisco CatOS Telnet Buffer Vulnerability

...

Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability...

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...

Cisco Secure Endpoint for Windows Scanning Evasion Vulnerability

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

Cisco DNA Center Privilege Escalation Vulnerability

A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker coul...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software VPN Authorization Bypass Vulnerability

A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to...

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF...

Cisco Identity Services Engine Unauthorized File Access Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to list, download, and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could explo...

Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to...

Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...

Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability

A vulnerability in Simple Network Management Protocol SNMP trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerability

A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...

Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access Control List Bypass Vulnerability

A vulnerability in the access control list ACL programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a...

Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability

A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller EWC Software for Catalyst Access Points APs could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected AP. This vulnerability is due to insufficient buffer...

Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability

A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forward...

Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit...

Cisco Email Security Appliance Zip Content Filter Bypass Vulnerability

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Denial of Service Vulnerability

Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software "fs" section of this advisory. See the Cisco Adaptive Security Appliance Software...

Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability

A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service DoS condition on the device. The vulnerability is due to insufficient...

Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability

A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is due to insufficient input validation when the ISDN...

Cisco Email Security Appliance Denial of Service Vulnerability

A vulnerability in the Transport Layer Security TLS protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service DoS condition. The...

Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability

A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attack...

Cisco StarOS IPv6 Denial of Service Vulnerability

A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability b...

Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

A vulnerability in the deep packet inspection DPI engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could...

Cisco IOS Software for Catalyst 2960-L Series Switches and Catalyst CDB-8P Switches 802.1X Authentication Bypass Vulnerability

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is...

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of...

Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid...

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

A vulnerability in Role Based Access Control RBAC functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administrati...

Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure Vulnerability

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...

Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into argument...

Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service DoS condition on an affected system. The vulnerability is due...

Cisco Wireless LAN Controller Software Session Hijacking Vulnerability

A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected...